matthew/helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generic way for configuring Gitea app.ini (#240)

Browse Source 
With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources.
These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose
on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps.

- Fixes #243
- Fixes #174
- Fixes #260

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
This commit is contained in:
justusbunsi 2021-12-22 18:44:04 +08:00 committed by luhahn
parent 66683e14df
commit 7b0a1c7ae6
6 changed files with 314 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.markdownlint.yaml
View File

@ -135,6 +135,8 @@ MD044:
- MySQL
- Memcached
- Prometheus
- Git
- GitOps
# Include code blocks
code_blocks: false
@ -146,4 +148,4 @@ MD046:
# MD048/code-fence-style - Code fence style
MD048:
# Code fence syle
style: "backtick"
style: "backtick"

46
README.md
View File

@ -272,6 +272,52 @@ The Prometheus `/metrics` endpoint is disabled by default.
ENABLED = false
```
### Additional _app.ini_ settings
> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default)
section cannot be defined that way.**
Some settings inside _app.ini_ (like passwords or whole authentication configurations)
must be considered sensitive and therefore should not be passed via plain text
inside the _values.yaml_ file. In times of _GitOps_ the values.yaml could be stored
in a Git repository where sensitive data should never be accessible.
The Helm Chart supports this approach and let the user define custom sources like
Kubernetes Secrets to be loaded as environment variables during _app.ini_ creation
or update.
```yaml
gitea:
additionalConfigSources:
- secret:
secretName: gitea-app-ini-oauth
- configMap:
name: gitea-app-ini-plaintext
```
This would mount the two additional volumes (`oauth` and `some-additionals`)
from different sources to the init containerwhere the _app.ini_ gets updated.
All files mounted that way will be read and converted to environment variables
and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
The key of such additional source represents the section inside the _app.ini_.
The value for each key can be multiline ini-like definitions.
In example, the referenced `gitea-app-ini-plaintext` could look like this.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-app-ini-plaintext
data:
session: |
PROVIDER=memory
SAME_SITE=strict
cron.archive_cleanup: |
ENABLED=true
```
### External Database
An external Database can be used instead of builtIn PostgreSQL or MySQL.

154
templates/_helpers.tpl
View File

@ -155,3 +155,157 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "gitea.inline_configuration" -}}
{{- include "gitea.inline_configuration.init" . -}}
{{- include "gitea.inline_configuration.defaults" . -}}
{{- $generals := list -}}
{{- $inlines := dict -}}
{{- range $key, $value := .Values.gitea.config }}
{{- if kindIs "map" $value }}
{{- if gt (len $value) 0 }}
{{- $section := default list (get $inlines $key) -}}
{{- range $n_key, $n_value := $value }}
{{- $section = append $section (printf "%s=%v" $n_key $n_value) -}}
{{- end }}
{{- $_ := set $inlines $key (join "\n" $section) -}}
{{- end -}}
{{- else }}
{{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") -}}
{{- $generals = append $generals (printf "%s=%s" $key $value) -}}
{{- else -}}
{{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}}
{{- end -}}
{{- end }}
{{- end }}
{{- $_ := set $inlines "_generals_" (join "\n" $generals) -}}
{{- toYaml $inlines -}}
{{- end -}}
{{- define "gitea.inline_configuration.init" -}}
{{- if not (hasKey .Values.gitea.config "cache") -}}
{{- $_ := set .Values.gitea.config "cache" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "server") -}}
{{- $_ := set .Values.gitea.config "server" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "metrics") -}}
{{- $_ := set .Values.gitea.config "metrics" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "database") -}}
{{- $_ := set .Values.gitea.config "database" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "security") -}}
{{- $_ := set .Values.gitea.config "security" dict -}}
{{- end -}}
{{- if not .Values.gitea.config.repository -}}
{{- $_ := set .Values.gitea.config "repository" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
{{- end -}}
{{- end -}}
{{- define "gitea.inline_configuration.defaults" -}}
{{- include "gitea.inline_configuration.defaults.server" . -}}
{{- include "gitea.inline_configuration.defaults.database" . -}}
{{- if not .Values.gitea.config.repository.ROOT -}}
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}}
{{- end -}}
{{- if not .Values.gitea.config.security.INSTALL_LOCK -}}
{{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
{{- end -}}
{{- if .Values.gitea.cache.builtIn.enabled -}}
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
{{- if not (.Values.gitea.config.cache.HOST) -}}
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "gitea.inline_configuration.defaults.server" -}}
{{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}}
{{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}}
{{- end -}}
{{- if not .Values.gitea.config.server.PROTOCOL -}}
{{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
{{- end -}}
{{- if not (.Values.gitea.config.server.DOMAIN) -}}
{{- if gt (len .Values.ingress.hosts) 0 -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
{{- end -}}
{{- end -}}
{{- if not .Values.gitea.config.server.ROOT_URL -}}
{{- if .Values.ingress.enabled -}}
{{- if gt (len .Values.ingress.tls) 0 -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0).host) -}}
{{- end -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}}
{{- end -}}
{{- end -}}
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
{{- end -}}
{{- if not .Values.gitea.config.server.SSH_PORT -}}
{{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
{{- if not .Values.image.rootless -}}
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}}
{{- end -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}}
{{- if .Values.image.rootless -}}
{{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}}
{{- end -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}}
{{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "ENABLE_PPROF") -}}
{{- $_ := set .Values.gitea.config.server "ENABLE_PPROF" false -}}
{{- end -}}
{{- end -}}
{{- define "gitea.inline_configuration.defaults.database" -}}
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
{{- if not (.Values.gitea.config.database.HOST) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
{{- end -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}}
{{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
{{- if not (.Values.gitea.config.database.HOST) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}}
{{- end -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}}
{{- else if .Values.gitea.database.builtIn.mariadb.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
{{- if not (.Values.gitea.config.database.HOST) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "mariadb.dns" .) -}}
{{- end -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.mariadb.auth.database -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.mariadb.auth.username -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mariadb.auth.password -}}
{{- end -}}
{{- end -}}

229
templates/gitea/config.yaml
View File

@ -1,5 +1,15 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "gitea.fullname" . }}-inline-config
labels:
{{- include "gitea.labels" . | nindent 4 }}
type: Opaque
stringData:
{{- include "gitea.inline_configuration" . | nindent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "gitea.fullname" . }}
labels:
@ -10,160 +20,105 @@ stringData:
#!/usr/bin/env bash
set -euo pipefail
{{- if not (hasKey .Values.gitea.config "cache") -}}
{{- $_ := set .Values.gitea.config "cache" dict -}}
{{- end -}}
function env2ini::log() {
printf "${1}\n"
}
{{- if not (hasKey .Values.gitea.config "server") -}}
{{- $_ := set .Values.gitea.config "server" dict -}}
{{- end -}}
function env2ini::read_config_to_env() {
local section="${1}"
local line="${2}"
{{- if not (hasKey .Values.gitea.config "metrics") -}}
{{- $_ := set .Values.gitea.config "metrics" dict -}}
{{- end -}}
if [[ -z "${line}" ]]; then
# skip empty line
return
fi
# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
{{- if not (hasKey .Values.gitea.config "database") -}}
{{- $_ := set .Values.gitea.config "database" dict -}}
{{- end -}}
if [[ -z "${setting}" ]]; then
env2ini::log ' ! invalid setting'
exit 1
fi
{{- if not (hasKey .Values.gitea.config "security") -}}
{{- $_ := set .Values.gitea.config "security" dict -}}
{{- end -}}
local value=''
local regex="^${setting}(\s*)=(\s*)(.*)"
if [[ $line =~ $regex ]]; then
value="${BASH_REMATCH[3]}"
else
env2ini::log ' ! invalid setting'
exit 1
fi
{{- if not .Values.gitea.config.repository -}}
{{- $_ := set .Values.gitea.config "repository" dict -}}
{{- end -}}
env2ini::log " + '${setting}'"
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
{{- end -}}
if [[ -z "${section}" ]]; then
export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase
return
fi
{{- /* repository default settings */ -}}
{{- if not .Values.gitea.config.repository.ROOT -}}
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}}
{{- end -}}
local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches
masked_section="${masked_section//-/_0X2D_}"
{{- /* security default settings */ -}}
{{- if not .Values.gitea.config.security.INSTALL_LOCK -}}
{{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}}
{{- end -}}
export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
}
{{- /* server default settings */ -}}
{{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}}
{{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}}
{{- end -}}
{{- if not .Values.gitea.config.server.PROTOCOL -}}
{{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
{{- end -}}
{{- if not (.Values.gitea.config.server.DOMAIN) -}}
{{- if gt (len .Values.ingress.hosts) 0 -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
{{- end -}}
{{- end -}}
{{- if not .Values.gitea.config.server.ROOT_URL -}}
{{- if .Values.ingress.enabled -}}
{{- if gt (len .Values.ingress.tls) 0 -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0).host) -}}
{{- end -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}}
{{- end -}}
{{- end -}}
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
{{- end -}}
{{- if not .Values.gitea.config.server.SSH_PORT -}}
{{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
{{- if not .Values.image.rootless -}}
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}}
{{- end -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}}
{{- if .Values.image.rootless -}}
{{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}}
{{- end -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}}
{{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "ENABLE_PPROF") -}}
{{- $_ := set .Values.gitea.config.server "ENABLE_PPROF" false -}}
{{- end -}}
function env2ini::process_config_file() {
local config_file="${1}"
local section="$(basename "${config_file}")"
{{- /* metrics default settings */ -}}
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
{{- end -}}
if [[ $section == '_generals_' ]]; then
env2ini::log " [ini root]"
section=''
else
env2ini::log " ${section}"
fi
{{- /* database default settings */ -}}
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
{{- if not (.Values.gitea.config.database.HOST) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
{{- end -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}}
{{ else if .Values.gitea.database.builtIn.mysql.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
{{- if not (.Values.gitea.config.database.HOST) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}}
{{- end -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}}
{{ else if .Values.gitea.database.builtIn.mariadb.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
{{- if not (.Values.gitea.config.database.HOST) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "mariadb.dns" .) -}}
{{- end -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.mariadb.auth.database -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.mariadb.auth.username -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mariadb.auth.password -}}
{{- end -}}
while read -r line; do
env2ini::read_config_to_env "${section}" "${line}"
done < <(awk 1 "${config_file}") # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading
}
{{- /* cache default settings */ -}}
{{- if .Values.gitea.cache.builtIn.enabled -}}
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
{{- if not (.Values.gitea.config.cache.HOST) -}}
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
{{- end -}}
{{- end -}}
function env2ini::load_config_sources() {
local path="${1}"
{{- if not (hasKey .Values.gitea.config.security "INTERNAL_TOKEN") }}
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
{{- end }}
{{- if not (hasKey .Values.gitea.config.security "SECRET_KEY") }}
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
{{- end }}
{{- if not (hasKey .Values.gitea.config.oauth2 "JWT_SECRET") }}
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
{{- end }}
env2ini::log "Processing $(basename "${path}")..."
{{- /* autogenerate app.ini environment values */ -}}
{{- range $key, $value := .Values.gitea.config }}
{{- if kindIs "map" $value }}
{{- if gt (len $value) 0 }}
{{- range $n_key, $n_value := $value }}
export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $n_key | upper }}={{ $n_value }}
{{- end }}
{{- end }}
{{- else }}
export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $key | upper }}={{ $value }}
{{- end }}
{{- end }}
while read -d '' configFile; do
env2ini::process_config_file "${configFile}"
done < <(find "${path}" -type l -not -name '..data' -print0)
env2ini::log "\n"
}
function env2ini::generate_initial_secrets() {
# These environment variables will either be
# - overwritten with user defined values,
# - initially used to set up Gitea
# Anyway, they won't harm existing app.ini files
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
env2ini::log "...Initial secrets generated\n"
}
# MUST BE CALLED BEFORE OTHER CONFIGURATION
env2ini::generate_initial_secrets
env2ini::load_config_sources '/env-to-ini-mounts/inlines/'
env2ini::load_config_sources '/env-to-ini-mounts/additionals/'
env2ini::log "=== All configuration sources loaded ===\n"
# safety to prevent rewrite of secret keys if an app.ini already exists
if [ -f ${GITEA_APP_INI} ]; then
env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'
env2ini::log ' - security.INTERNAL_TOKEN'
env2ini::log ' - security.SECRET_KEY'
env2ini::log ' - oauth2.JWT_SECRET'
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
unset ENV_TO_INI__SECURITY__SECRET_KEY
unset ENV_TO_INI__OAUTH2__JWT_SECRET

13
templates/gitea/statefulset.yaml
View File

@ -97,6 +97,12 @@ spec:
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
- name: inline-config-sources
mountPath: /env-to-ini-mounts/inlines/
{{- range $idx, $value := .Values.gitea.additionalConfigSources }}
- name: additional-config-sources-{{ $idx }}
mountPath: "/env-to-ini-mounts/additionals/{{ $idx }}/"
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
@ -284,6 +290,13 @@ spec:
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
- name: inline-config-sources
secret:
secretName: {{ include "gitea.fullname" . }}-inline-config
{{- range $idx, $value := .Values.gitea.additionalConfigSources }}
- name: additional-config-sources-{{ $idx }}
{{- toYaml $value | nindent 10 }}
{{- end }}
- name: temp
emptyDir: {}
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}

6
values.yaml
View File

@ -205,6 +205,12 @@ gitea:
# security:
# PASSWORD_COMPLEXITY: spec
additionalConfigSources: []
# - secret:
# secretName: gitea-app-ini-oauth
# - configMap:
# name: gitea-app-ini-plaintext
podAnnotations: {}
database: